Web browser security and ARM

Post by john3voltas » 19 Jul 2014, 15:27

Yep, it's me again, always worried about security.
It's great having the Arch Rollback Machine because this way we can freeze in time, which is needed for distros that run in a frugal way.
On the other hand, it can somewhat compromise system security.
A web browser - being the first thing between our computers and a hacker - needs to be kept as up to date as possible.
How can we do that using ARM?
As I type this post, the most recent firefox release in Arch's repos is 30.0-1, whereas in the ARM repo it's 28.0-1, which is probably from April 2014.
As said, I'm not interested in the bells n' whistles that newer releases usually bring with them. All I'm interested in is security.
Is there a way to get newer or at least patched web browser releases using ARM as we do? What can we do to keep safe from those big bad bugs?
Cheers

Re: Web browser security and ARM

Post by simargl » 19 Jul 2014, 17:01

There are many different firefox versions on AUR: nightly, aurora...
https://aur.archlinux.org/packages/?O=0 ... &SB=v&SO=d

Re: Web browser security and ARM

Post by john3voltas » 19 Jul 2014, 20:44

simargl wrote: There are many different firefox versions on AUR: nightly, aurora...
https://aur.archlinux.org/packages/?O=0 ... &SB=v&SO=d


Indeed, Sim, but none of those versions is reliable because they are either beta or nightly builds.
I'm looking for stable AND up-to-date versions of firefox. :)
How can I achieve that, given that pacman -S firefox will get me 28.0, which has known and unpatched vulnerabilities?
Thanks in advance
Cheers

Re: Web browser security and ARM

Post by john3voltas » 20 Jul 2014, 00:23

Just to put it into perspective:

Fixed in Firefox 30
MFSA 2014-54 Buffer overflow in Gamepad API
MFSA 2014-53 Buffer overflow in Web Audio Speex resampler
MFSA 2014-52 Use-after-free with SMIL Animation Controller
MFSA 2014-51 Use-after-free in Event Listener Manager
MFSA 2014-50 Clickjacking through cursor invisability after Flash interaction
MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer
MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)

Fixed in Firefox 29
MFSA 2014-47 Debugger can bypass XrayWrappers with JavaScript
MFSA 2014-46 Use-after-free in nsHostResolve
MFSA 2014-45 Incorrect IDNA domain name matching for wildcard certificates
MFSA 2014-44 Use-after-free in imgLoader while resizing images
MFSA 2014-43 Cross-site scripting (XSS) using history navigations
MFSA 2014-42 Privilege escalation through Web Notification API
MFSA 2014-41 Out-of-bounds write in Cairo
MFSA 2014-40 Firefox for Android addressbar suppression
MFSA 2014-39 Use-after-free in the Text Track Manager for HTML video
MFSA 2014-38 Buffer overflow when using non-XBL object as XBL
MFSA 2014-37 Out of bounds read while decoding JPG images
MFSA 2014-36 Web Audio memory corruption issues
MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service Installer
MFSA 2014-34 Miscellaneous memory safety hazards (rv:29.0 / rv:24.5)

Fixed in Firefox 28.0.1
MFSA 2014-33 File: protocol links downloaded to SD card by default


Sim, even if you create a 15.4 using ARM from this month, in a couple of months we'll have the same issue.
Yes, I know that browsers are not the only thing that needs patching every day. But browsers and chat-clients are usually the first form of attack of the average hacker. That's how they can affect most users with less effort and that's why I think we should really think about this as a major issue.

Re: Web browser security and ARM

Post by Scooby » 20 Jul 2014, 00:24

Here is a conversation about a newer version of firefox:

viewtopic.php?f=6&t=1126

I think you should read it through.

It might make alphaOS unstable?

